User authentication

ABSTRACT

In a method of verifying a user, a pass-sentence (Z₁, Z₂ . . . Z_(N)), comprising a string of word blocks which in sequence form a sentence known to the user, is associated with the user at step 12. At step 13, a passnumber (Y₁, Y₂ . . . Y_(N)) comprising a string of numbers between 0 and 9 is associated with the user. At step 14, a table having N+1 columns and ten rows is generated. The first column is filled with digits 0 to 9 sequentially from top to bottom. The word blocks Z₁ to Z₈ are each included in the table thus: Z_(p) is placed in column P+1 and in row Y_(p). The other cells in the table are then filled with suitable word blocks so that each column contains word blocks of the same type. A user knowing their pass-sentence and seeing the table then determines their passnumber by identifying the row number in which the first word block in their pass-sentence is found, and so on, and enters it at step 16. The input is compared at step 17 to the passnumber from step 13. If the numbers are the same, then step 18 determines that the user is valid.

This invention relates to a method of validating a user, and to a device and a system for implementing the method. This invention relates also to a software product, and to a computer readable medium.

When a designer determines how long a password or passnumber must be and what nature it must take in designing a system or device, a compromise needs to be made between the security conferred by the pass and the memorability of it. Short passes, such as the four-number passes commonly used with ATMs (automatic teller machines), do not confer a great deal of security (the number of possible combinations—including “0000”—is just 10,000). Longer passes, on the other hand, especially numeric passes, are easy to forget. Passwords are generally considered easier to remember than passnumbers of the same length. However, passwords are not easily usable with numeric input devices such as telephone keypads and television or video player remote controls.

Systems which involve strings of words in user validation are disclosed in JP 09-114785, JP 2001-053739 and WO 00/57370. Other user authentication systems are disclosed in U.S. Pat. No. 6,035,406 and JP 07-336348.

It is an aim of the invention to provide a user validation system, device and method which achieves the security and inputability benefits found with numeric passes and the memorability benefits found with word-based passes.

According to a first aspect of the invention, there is provided a method of validating a user, the method comprising associating a pass-sentence comprising a string of word blocks (Z₁, Z₂ . . . Z_(N)) with the user, associating a passnumber comprising a string of numeric characters (Y₁, Y₂ . . . Y_(N)) with the user, generating from the passnumber and the pass-sentence a table having columns in a vertical or horizontal direction and rows in the other direction, in which each word block of the pass-sentence (Z_(p)) is located in a column dependent on the number of preceding word blocks (P−1) in the pass-sentence and in a row dependent on the corresponding character (Y_(p)) in the passnumber, displaying the table, receiving an input comprising a string of numeric characters, comparing the input to the passnumber, and determining if the input is a valid input on the basis of the comparison.

The generating step may comprise recalling the table from a storage device. Preferably, though, the generating step comprises generating the table at random, allowing the passnumber to vary on each occasion of requiring the passnumber. Preferably word blocks for use in generating the table are stored in a storage device. More preferably the number of word blocks stored in the storage device is approximately equal to the number of word block spaces in the table. This can allow the table to vary on each occasion whilst using the same word blocks, so that the pass-sentence cannot be deduced by examining different tables and identifying word blocks common to the tables. Preferably, the table is filled with words such that each of the possible routes from one side to the opposite side produces a grammatically correct sentence. This may be achieved by filling the cells in each column with words of the same type, e.g. pronoun, adjective, past participle, or with word strings of the same type.

The invention also comprises a software product comprising computer executable instructions for carrying out the above method, and computer readable media having stored therein such a software product.

The invention also provides a device arranged for implementing the above method, and a system arranged for implementing the method.

Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, of which:

FIG. 1 is a flowchart illustrating a method according to one aspect of the invention;

FIGS. 2 and 3 are schematic diagrams illustrating respective embodiments of devices according to one aspect of the invention;

FIG. 4 is a schematic diagram of a system according to one aspect of the invention;

FIG. 5 is a flowchart illustrating operation of the components of the FIG. 4 system; and

FIG. 6 is a schematic diagram of a second embodied system, according to one aspect of the invention.

A method of verifying a user is now described with reference to FIG. 1. Referring to FIG. 1, the method 10 begins at step 11, after which a pass-sentence is associated with the user at step 12. This step involves the reading from an electronic memory of a string of word blocks which in sequence form a sentence known to the user. In this example, the pass-sentence (Z₁, Z₂ . . . Z_(N)) comprises the following sequence (separate word blocks are included within brackets): (I) (walked) (to the) (zoo) (and) (saw) (a) (monkey). At step 13, a passnumber (Y₁, Y₂ . . . Y_(N)) is associated with the user. The passnumber comprises a string of numbers between 0 and 9, the length of the string (the number of numbers) being equal to the number N of word blocks in the pass-sentence (here N=8). In this example, the passnumber is 64310972. At step 14, a table is generated. The table has N+1 columns, and ten rows. The first column is filled with digits 0 to 9 sequentially from top to bottom. The word blocks Z₁ to Z₈ are each included in the table at a position dictated by the value of the corresponding digit in the passnumber and the number of the word block in the pass-sentence. The relationship can be defined thus: Z_(p) is placed in column P+1 and in row Y_(p). The other cells in the table are then filled with suitable word blocks so that each column contains word blocks of the same type, for example nouns, articles, past participles etc. This allows a number of sentences equal to 10^(N) to be readable from left to right across the table. Most of these sentences will be nonsensical, but each will be grammatically correct. At step 15, the table is displayed. An example is shown in Table 1.
TABLE 1

0  Fred   ran      through the  car      and   threw     ones   tree
1  They   went     up the       zoo      then  slapped   the    shoe
2  Ma     sailed   across the   theatre  and   melted    its    monkey
3  Rick   thought  to the       hill     then  breathed  their  bucket
4  She    walked   by the       box      but   froze     my     ticket
5  He     saw      around the   tourist  but   kicked    her    bike
6  I      talked   about the    bus      and   hung      mum's  duster
7  Pa     rode     against the  car      but   dribbled  a      mug
8  Rob    swam     under the    TV       then  dropped   his    trolley
9  Peter  flew     into the     mallet   and   saw       dad's  face

A user knowing their pass-sentence and seeing the table then determines their passnumber. This is done by finding the row in the second column in which the first word block in their pass-sentence is found, and tracing that to the first column to find the corresponding digit. This continues for each subsequent column until the passnumber is found. This is then entered, using a keypad for example. Of course, the user may enter each digit as it is determined from the table, to avoid having to remember N digits before entering the passnumber. The method 10 remains at step 16 until a passnumber is entered. On receiving an input, it is compared at step 17 to the passnumber from step 13. If the comparison step 17 determines that the numbers are the same, then step 18 determines that the user is valid. In this connection, it will be appreciated that where plural rows in a column contain the same word block, any of the digits corresponding to the correct word block is acceptable. Viewed differently, it might be considered that there are plural valid passnumbers, one for each combination of word blocks which in sequence form the pass-sentence. If the input is not the same as the passnumber, an invalid user determination is made at step 18. The method 10 ends at step 19.
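As an added worked example (not code from the patent), the following Python reproduces steps 14 and 16 to 18 over the word pools of Table 1: it builds a fresh table from the pass-sentence and passnumber with each column's words shuffled, and it verifies an input by table lookup so that, where a word block repeats in a column (as "and" does in the fifth word column), any of its rows is accepted as the description states. The column pools, the use of random.SystemRandom by default, and the function names are assumptions of this example.

```python
import random

# Constructed example data drawn from Table 1 of the description: one pool of
# ten word blocks per column, each column holding blocks of a single type.
# Column 5 repeats "and", so more than one digit is valid at that position.
COLUMN_POOLS = [
    ["Fred", "They", "Ma", "Rick", "She", "He", "I", "Pa", "Rob", "Peter"],
    ["ran", "went", "sailed", "thought", "walked", "saw", "talked", "rode", "swam", "flew"],
    ["through the", "up the", "across the", "to the", "by the",
     "around the", "about the", "against the", "under the", "into the"],
    ["car", "zoo", "theatre", "hill", "box", "tourist", "bus", "car", "TV", "mallet"],
    ["and", "then", "and", "then", "but", "but", "and", "but", "then", "and"],
    ["threw", "slapped", "melted", "breathed", "froze", "kicked", "hung", "dribbled", "dropped", "saw"],
    ["ones", "the", "its", "their", "my", "her", "mum's", "a", "his", "dad's"],
    ["tree", "shoe", "monkey", "bucket", "ticket", "bike", "duster", "mug", "trolley", "face"],
]
PASS_SENTENCE = ["I", "walked", "to the", "zoo", "and", "saw", "a", "monkey"]  # Z1..Z8
PASSNUMBER = "64310972"                                                          # Y1..Y8


def generate_table(pass_sentence, passnumber, pools, rng=None):
    """Step 14: column p+1 is pool p shuffled, then Z_p is swapped into row Y_p."""
    if not (len(pass_sentence) == len(passnumber) == len(pools)):
        raise ValueError("pass-sentence, passnumber and pools must all have N entries")
    rng = rng or random.SystemRandom()  # unpredictable layout on every login
    columns = []
    for block, digit, pool in zip(pass_sentence, passnumber, pools):
        if block not in pool:
            raise ValueError(f"{block!r} is not in its column's pool")
        col = list(pool)
        rng.shuffle(col)  # same words every time, only their rows change
        i, y = col.index(block), int(digit)
        col[i], col[y] = col[y], col[i]
        columns.append(col)
    return [[str(r)] + [col[r] for col in columns] for r in range(10)]  # rows 0..9


def acceptable_digits(table, pass_sentence):
    """Per position p, every row digit whose cell in column p+1 holds Z_p."""
    return [{row[0] for row in table if row[p + 1] == block}
            for p, block in enumerate(pass_sentence)]


def verify(table, pass_sentence, user_input):
    """Steps 16-18: valid iff each digit entered selects a row holding Z_p."""
    if len(user_input) != len(pass_sentence) or not user_input.isdecimal():
        return False
    choices = acceptable_digits(table, pass_sentence)
    return all(d in ok for d, ok in zip(user_input, choices))
```

Because the word set per column is fixed and only shuffled, two tables generated for the same user contain the same words in every column, which is the property the description relies on to stop the pass-sentence being inferred by comparing tables.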

Apparatus for implementing the method of FIG. 1 is shown in FIG. 2. Referring to FIG. 2, a mobile telephone is shown schematically at 20. It includes a CPU (central processing unit) 21, which is connected to each of a memory 22, a display 23 and a numeric keypad 24. Audio message handling means (not shown) including transceiver, microphone and speaker or earpiece will also be provided. The CPU 21 is loaded with software from the memory 22 suitable for controlling the CPU to carry out the steps 12-14 of FIG. 1. Here, there is no ‘user logon’ step. At step 15, the table is displayed on the display 23, following which an input is entered by a user using the keypad 24. The CPU 21 then carries out steps 17 and 18 of the method 10. The pass-sentence is preferably stored in the memory 22, for recalling by the CPU 21 at step 12. Alternatively, the pass-sentence may be received as an SMS message, for example.

Alternative apparatus is shown in FIG. 3. Here, a television 30 is operated by a user through a remote control 31, which sends infra red signals dependent on keys pressed on a keypad 32 including numbers 0 to 9. These signals are received at an infra red receiver 33, which is connected to a CPU 34 along with a memory 35 and a display control 36. Operation is the same as with the FIG. 2 embodiment, except that input is made by a user using the keypad 32 on the remote control 31.

A system implementing the FIG. 1 method is shown in FIG. 4. Referring to FIG. 4, the system 40 comprises a server computer 41 and a client computer 42. The server computer 41 includes a communications module 43 and a memory 44, each connected to a CPU 45.

At the other end of a secure link 46, a communications module 47 in the client 42 enables communication with the server 41. A CPU 48 is connected to the communications module 47, to a display 49 and to a keypad 50. The server computer 41 may be a banking computer and the client 42 an ATM, for example. Operation will now be described with reference to FIG. 5.

Referring to FIG. 5, a first operation 51 is run on the server 41, and a second operation 52 is run on the client 42. User details are received at the client 42 at step 52a, for example from a magnetic account card (not shown). The user details are sent at step 52b to the server 41, where they are received at step 51a. Meanwhile, the client 42 awaits input of a table at step 52b. The server 41 at step 51b retrieves a pass-sentence associated with the user from its memory 44, then generates a passnumber at step 51c, before generating a table at step 51d in the manner described above in relation to FIG. 1. The table is then sent at step 51e, following which the server 41 waits at step 51f for an input. When the client 42 receives the table, it displays it at step 52c, then awaits an input at step 52d. When an input is received, it is sent at step 52e to the server 41, following which the client 42 awaits a verification signal at step 52f. When an input is received at the server 41, it is compared to the passnumber at step 51g, and validity determined at step 51h. If the user is valid, a positive verification signal is sent at step 51k before the operation ends at step 51j. Otherwise, a negative verification signal is sent at step 51i, before ending at step 51j. At the client 42, the verification signal is examined at step 52g, and the user verified at step 52i or not verified at step 52j as appropriate before ending at step 52k.

An alternative system is shown in FIG. 6. Referring to FIG. 6, reference numerals are retained from FIG. 4 for like elements. Here, the pass-sentence is stored in a memory 60 in the client 42, and the server 41 has no knowledge of it. In this embodiment, the method of FIG. 1 is carried out entirely on the client 42, which the server 41 must accept as trustable. Once a user has been verified by the client 42, the user is given access to communicate with the server 41 via the client. Here, the client 42 may have knowledge of the pass-sentence because the user initially set up their account on that client, or because the pass-sentence is encrypted on a smart card read by the client, for example.

In the above embodiments, the table may, instead of being generated at random for each login, be generated by the simple reading of a table from memory. In this case, the table is the same for each login, which has the advantage that the passnumber is always the same. If the table is generated at random on each login, though, this has the advantage that the passnumber is different every time, which avoids security being compromised if a user is watched entering their input number string. Preferably, each time a table is generated at random, the same words are used, albeit in different locations. This feature prevents the pass-sentence being derivable from examination of plural tables, with a view to seeing what word blocks are common to the tables.

In an alternative embodiment, plural tables are stored in memory, and a table is selected, preferably at random, on user login.

From reading the present disclosure, other variations and modifications will be apparent to persons skilled in the art. Such variations and modifications may involve equivalent and other features which are already known in the art and which may be used instead of or in addition to features already described herein. Although claims have been formulated in this Application to particular combinations of features, it should be understood that the scope of the disclosure of the present invention also includes any novel features or any novel combination of features disclosed herein either explicitly or implicitly or any generalisation thereof, whether or not it relates to the same invention as presently claimed in any claim and whether or not it mitigates any or all of the same technical problems as does the present invention. The Applicants hereby give notice that new claims may be formulated to such features and/or combinations of such features during the prosecution of the present Application or of any further Application derived therefrom.

1. A method of validating a user, the method comprising: associating a pass-sentence comprising a string of word blocks (Z₁, Z₂ . . . Z_(N)) with the user (12); associating a passnumber comprising a string of numeric characters (Y₁, Y₂ . . . Y_(N)) with the user (13); generating (14) from the passnumber and the pass-sentence a table having columns in a vertical or horizontal direction and rows in the other direction, in which each word block of the pass-sentence (Z_(p)) is located in a column dependent on the number of preceding word blocks (Z_(p)) in the pass-sentence and in a row dependent on the corresponding character (Y_(p)) in the pass-sentence; displaying the table (15); receiving an input comprising a string of numeric characters (16); comparing the input to the passnumber (17); and determining if the input is a valid (18) input on the basis of the comparison.

2. A method as claimed in claim 1, in which the generating step comprises recalling the table from a storage device.

3. A method as claimed in claim 1, in which the generating step comprises generating the table at random.

4. A method as claimed in claim 3, in which word blocks for use in generating the table are stored in a storage device.

5. A method as claimed in claim 4, in which the number of word blocks stored in the storage device is approximately equal to the number of word block spaces in the table.

6. A method as claimed in any preceding claim, in which the table is filled with words such that each of the possible routes from a first word-filled column to a last word-filled column produces a grammatically correct sentence.

7. A method as claimed in claim 6, in which cells in each column are filled with words or with word strings of the same type.

8. A software product comprising computer executable instructions for carrying out the method of any preceding claim.

9. Computer readable media having stored thereon a software product as claimed in claim 8.

10. A device arranged for implementing the method of any of claims 1 to 7.

11. A system arranged for implementing the method of any of claims 1 to 7.